[action] [PR:14636] Update golang version for telemetry build in sonic-slave-jessie to fix CVE-2021-33195 #14776

mssonicbld · 2023-04-20T15:32:44Z

No description provided.

sonic-net#14636) Update golang version for telemetry build in sonic-slave-jessie to fix CVE-2021-33195, this PR will be merged into 201911 branch finally. #### Why I did it Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format. Now in 201911 and 202012 branch we're using 1.14.2 ##### Work item tracking - Microsoft ADO **(number only)**:17727291 #### How I did it Bump golang version into 1.15.15 which contains corresponding fix. #### How to verify it unit test to do sanity check.

mssonicbld · 2023-04-20T15:32:53Z

Original PR: #14636

mssonicbld requested a review from lguohan as a code owner April 20, 2023 15:32

mssonicbld mentioned this pull request Apr 20, 2023

Update golang version for telemetry build in sonic-slave-jessie to fix CVE-2021-33195 #14636

Merged

10 tasks

mssonicbld added the automerge label Apr 20, 2023

mssonicbld merged commit 565e24b into sonic-net:202211 Apr 20, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[action] [PR:14636] Update golang version for telemetry build in sonic-slave-jessie to fix CVE-2021-33195 #14776

[action] [PR:14636] Update golang version for telemetry build in sonic-slave-jessie to fix CVE-2021-33195 #14776

mssonicbld commented Apr 20, 2023

mssonicbld commented Apr 20, 2023

[action] [PR:14636] Update golang version for telemetry build in sonic-slave-jessie to fix CVE-2021-33195 #14776

[action] [PR:14636] Update golang version for telemetry build in sonic-slave-jessie to fix CVE-2021-33195 #14776

Conversation

mssonicbld commented Apr 20, 2023

mssonicbld commented Apr 20, 2023